package com.itheima.Demo04_PreparedStatement;

import com.itheima.jdbcUtils.JDBCUtils;
import org.junit.Test;

import java.sql.*;

/*
* preparedStatement 和普通的 statement方法什么都一致 同时可以防止sql注入风险
* */
public class demo01 {
    @Test
    public void Test01(){
       //工具包获取连接对象
        Connection connection = null;
        PreparedStatement statement=null;
        ResultSet resultSet =null;
        try {
            connection = JDBCUtils.getConnection();
            String sqlselect=" select * from user where username=? and password=? ";// ? 占位符 第一个？ 索引为1 类推
            statement = connection.prepareStatement(sqlselect);
            statement.setString(1,"lisi");//传入用户名
            statement.setString(2,"123");//传入密码
            resultSet = statement.executeQuery();
            while (resultSet.next()){
                System.out.println(resultSet.getString("id")+":"+resultSet.getString("username")+":"+resultSet.getString("password"));
            }
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (SQLException e) {
            e.printStackTrace();
        }finally {
            JDBCUtils.Close(connection,statement,resultSet);
        }
    }
}
